From: Ben Klang Date: Wed, 29 Jun 2005 22:40:56 +0000 (+0000) Subject: More work on the LDAP backend, including the groundwork for a permissions scheme... X-Git-Url: https://git.internetallee.de/?a=commitdiff_plain;h=e064a34f2ab7f18769d23240a31254807c174b17;p=horde.git More work on the LDAP backend, including the groundwork for a permissions scheme. Some code added to enumerate users. Starting to take a bit of shape here. git-svn-id: https://svn.alkaloid.net/gpl/shout/trunk@33 06cd67b6-e706-0410-b29e-9de616bca6e9 --- diff --git a/contexts.php b/contexts.php index a95ff84bf..42d6099fd 100644 --- a/contexts.php +++ b/contexts.php @@ -1,11 +1,10 @@ getContexts(); @@ -13,6 +12,17 @@ if (is_a($contexts, 'PEAR_Error')) { $notification->push(_("Internal error viewing requested page"), 'horde.error'); } + +if (count($contexts) < 1) { + $notification->push(_("You do not have permission to access this +system.", 'horde.error')); + exit(); +} elseif (count($contexts) == 1) { + header("Location: " . + Horde::applicationUrl("users.php?context=$contexts[0]")); + exit(); +} + # Print the contexts foreach($contexts as $context) { print "$context
\n"; diff --git a/index.php b/index.php index 09361b6d5..14f1cfc30 100644 --- a/index.php +++ b/index.php @@ -9,13 +9,13 @@ */ define('SHOUT_BASE', dirname(__FILE__)); -$shout_configured = (@is_readable(SHOUT_BASE . '/config/conf.php') && - @is_readable(SHOUT_BASE . '/config/prefs.php')); +$shout_configured = (@is_readable(SHOUT_BASE . '/config/conf.php'));# && + #@is_readable(SHOUT_BASE . '/config/prefs.php')); -// if (!$shout_configured) { -// require SHOUT_BASE . '/../lib/Test.php'; -// Horde_Test::configFilesMissing('Shout', SHOUT_BASE, -// array('conf.php', 'prefs.php')); -// } +if (!$shout_configured) { + require SHOUT_BASE . '/../lib/Test.php'; + Horde_Test::configFilesMissing('Shout', SHOUT_BASE, + array('conf.php', 'prefs.php')); +} require SHOUT_BASE . '/contexts.php'; \ No newline at end of file diff --git a/lib/Driver.php b/lib/Driver.php index 6933f065c..8e567c15a 100644 --- a/lib/Driver.php +++ b/lib/Driver.php 
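Review bot: In the `count($contexts) < 1` branch the closing parenthesis is misplaced, so `'horde.error'` is passed to `_()` instead of to `$notification->push()`; the call should read `$notification->push(_("You do not have permission to access this system."), 'horde.error');`. The `exit()` right after it appears to end the request before the queued notification is rendered. The `is_a($contexts, 'PEAR_Error')` check above only pushes a message, so an error object still reaches `count()` and the redirect branch. In the single-context redirect `$contexts[0]` is interpolated into the query string unencoded; `Util::addParameter(Horde::applicationUrl('users.php'), array('context' => $contexts[0]))` would encode the directory-supplied value.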
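Review bot: The readiness test now checks only `config/conf.php`, because the `prefs.php` test is commented out with `#`. The re-enabled `Horde_Test::configFilesMissing()` call still lists both `conf.php` and `prefs.php`, so the check and the message can disagree about what is required. Either drop `'prefs.php'` from that array or restore the second `is_readable()` test, and remove the commented-out remainder trailing the statement.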
@@ -26,29 +26,75 @@ class Shout_Driver { */ var $_params = array(); // }}} - + // {{{ Shout_Driver constructor function Shout_Driver($params = array()) { $this->_params = $params; } // }}} - - // {{{ getContexts method + + // {{{ getContexts function /** - * Get a list of contexts from the backend and filter for which contexts - * the current user can read/write + * Get a list of contexts from the instantiated driver and filter + * the returned contexts for those which the current user can see/edit + * + * @return array Contexts valid for this user + * + * @access public + */ + function getContexts() + { + # Initialize array to be returned + $retcontexts = array(); + + # Collect the master list of contexts from the backend + $contexts = $this->_getContexts(); + + + # Narrow down the list of contexts to those valid for this user. + global $perms; + + $superadminPermName = "shout:superadmin"; + if ($perms->exists($superadminPermName)) { + $superadmin = $perms->getPermissions($superadminPermName) & + (PERMS_SHOW|PERMS_READ); + } else { + $superadmin = 0; + } + + foreach($contexts as $context) { + $permName = "shout:contexts:".$context; + if ($perms->exists($permName)) { + $userperms = $perms->getPermissions($permName) & + (PERMS_SHOW|PERMS_READ); + } else { + $userperms = 0; + } + + if ((($userperms | $superadmin) ^ (PERMS_SHOW|PERMS_READ)) == 0) { + $retcontexts[] = $context; + } + } + return $retcontexts; + } + // }}} + + // {{{ + /** + * Get a list of users valid for the current context. Return an array + * indexed by the extension. 
* - * @return array Contexts valid for this user + * @param string $context Context for which users should be returned * - * @access public + * @return array User information indexed by voice mailbox number */ - function getContexts() + function getUsers($context) { - return PEAR::raiseError(_("Not implemented.")); + return $this->_getUsers($context); } // }}} - + // {{{ factory method /** * Attempts to return a concrete Shout_Driver instance based on diff --git a/lib/Driver/ldap.php b/lib/Driver/ldap.php index 3895d7e03..81fbcecfc 100644 --- a/lib/Driver/ldap.php +++ b/lib/Driver/ldap.php @@ -10,7 +10,7 @@ class Shout_Driver_ldap extends Shout_Driver * @var object LDAP $_LDAP */ var $_LDAP; - + /** * Boolean indicating whether or not we're connected to the LDAP * server. @@ -18,7 +18,7 @@ class Shout_Driver_ldap extends Shout_Driver */ var $_connected = false; // }}} - + // {{{ Shout_Driver_ldap constructor /** * Constructs a new Shout LDAP driver object. 
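Review bot: `getUsers($context)` passes a caller-supplied context straight to `_getUsers()` with no permission test. The SHOW/READ filtering added in `getContexts()` therefore does not protect user records, which in the LDAP driver include the voicemail PIN, unless every caller checks first. A guard at the top would enforce it in one place: `if (!in_array($context, $this->getContexts())) { return PEAR::raiseError(_("Permission denied.")); }`. Separately, `getContexts()` iterates the result of `_getContexts()` without an `is_a($contexts, 'PEAR_Error')` check, although the LDAP implementation returns a PEAR_Error when the search fails. The fold marker above `getUsers` is a bare `// {{{` and could read `// {{{ getUsers function`.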
@@ -34,30 +34,24 @@ class Shout_Driver_ldap extends Shout_Driver // {{{ getContexts method /** - * Get a list of contexts from the backend and filter for which contexts - * the current user can read/write + * Get a list of contexts from the backend * - * @return array Contexts valid for this user + * @return array Contexts valid for this system * - * @access public + * @access private */ - function getContexts() + function _getContexts() { # Collect all the possible contexts from the backend $res = ldap_search($this->_LDAP, SHOUT_ASTERISK_BRANCH.','.$this->_params['basedn'], - '(&(objectClass=asteriskObject)(objectClass=vofficeCustomer))', + '(&(objectClass=asteriskObject))', array('context')); if (!$res) { return PEAR::raiseError("Unable to locate any customers " . - "underneath ".SHOUT_ASTERISK_BRANCH.",".$this->_params['basedn']) . - "matching those search filters"; + "underneath ".SHOUT_ASTERISK_BRANCH.",".$this->_params['basedn'] . + " matching those search filters"); } - # Get the list of valid contexts for this user - # Possibly create the idea of an Asterisk Global Admin in the - # permissions system where an arbitrary user has permissions in all - # contexts - $entries = array(); $res = ldap_get_entries($this->_LDAP, $res); 
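Review bot: `_getContexts()` now returns every `asteriskObject` under the branch with no per-user filtering, and its docblock should say so, for example `Returns the unfiltered master list; use Shout_Driver::getContexts() for the permission-filtered view.` The `@access private` tag is only a convention here, since the class is declared in the `var` style with no visibility keywords, so other code can still call the method directly. The fold marker above still reads `getContexts method`. The one-clause filter `(&(objectClass=asteriskObject))` can be written as `(objectClass=asteriskObject)`.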
@@ -71,10 +65,77 @@ class Shout_Driver_ldap extends Shout_Driver } // }}} + // {{{ _getUsers method + /** + * Get a list of users valid for the contexts + * + * @param string $context Context on which to search + * + * @return array User information indexed by voice mailbox number + */ + function _getUsers($context) + { + $search = ldap_search($this->_LDAP, + SHOUT_USERS_BRANCH.','.$this->_params['basedn'], + '(&(objectClass='.SHOUT_USER_OBJECTCLASS.')(context='.$context.'))', + array('voiceMailbox', 'asteriskUserDialOptions', + 'asteriskVoiceMailboxOptions', 'voiceMailboxPin', + 'cn', 'telephoneNumber', + 'asteriskUserDialTimeout', 'mail', 'asteriskPager')); + if (!$search) { + return PEAR::raiseError("Unable to search directory"); + } + $res = ldap_get_entries($this->_LDAP, $search); + $entries = array(); + $i = 0; + while ($i < $res['count']) { + $extension = $res[$i]['voicemailbox'][0]; + $entries[$extension] = array(); + + $entries[$extension]['dialopts'] = + $res[$i]['asteriskuserdialoptions']; + + $entries[$extension]['mailboxopts'] = + $res[$i]['asteriskvoicemailboxoptions']; + + $entries[$extension]['mailboxpin'] = + $res[$i]['voicemailboxpin'][0]; + + $entries[$extension]['name'] = + $res[$i]['cn'][0]; + + $entries[$extension]['phonenumbers'] = + $res[$i]['telephonenumber']; + + $entries[$extension]['dialtimeout'] = + $res[$i]['asteriskuserdialtimeout'][0]; + + $entries[$extension]['email'] = + $res[$i]['mail'][0]; + + $entries[$extension]['pageremail'] = + $res[$i]['asteriskpager'][0]; - - // {{{ - function getUserPhoneNumbers($username, $context = null) + $i++; + } + + return $entries; + } + // }}} + + // {{{ getUserPhoneNumbers method + /** + * Get a list of phone numbers for the given user from the backend + * + * @param string $extension Extension on which to search + * + * @param string $context Context for which this user is valid + * + * @return array Phone numbers for this user + * + * @access public + */ + function 
getUserPhoneNumbers($extension, $context = null) { $userfilter = "(".$this->userkey."=".$username.",". $this->usersOU.",".$this->_params['basedn'].")"; @@ -83,7 +144,7 @@ class Shout_Driver_ldap extends Shout_Driver $searchfilter .= "($filter)"; } $searchfilter .= ")"; - + $res = ldap_search($this->_LDAP, $this->_params['basedn'], $searchfilter, array("userNumber")); @@ -93,7 +154,7 @@ $searchfilter under ".$this->_params['basedn']); } // FIXME } - + // {{{ getUserVoicemailInfo method /** * Get the named user's voicemail particulars from LDAP @@ -117,7 +178,7 @@ $userfilter, return $res; } // }}} - + // {{{ _connect method /** * Attempts to open a connection to the LDAP server. @@ -132,12 +193,12 @@ $userfilter, # FIXME What else is needed for this assert? Horde::assertDriverConfig($this->_params, 'storage', array('hostspec', 'basedn', 'binddn', 'password')); - + # FIXME Add other sane defaults here (mostly objectClass related) if (!isset($this->_params['userObjectclass'])) { $this->_params['userObjectclass'] = 'asteriskUser'; } - + $this->_LDAP = ldap_connect($this->_params['hostspec'], 389); #FIXME if (!$this->_LDAP) { Horde::fatal("Unable to connect to LDAP server $hostname on @@ -151,10 +212,10 @@ $this->_params['version']); $res = ldap_bind($this->_LDAP, $this->_params['binddn'], $this->_params['password']); if (!$res) { - return PEAR::raiseError("Unable to bind to the LDAP server. + return PEAR::raiseError("Unable to bind to the LDAP server. Check authentication credentials."); } - + $this->_connected = true; } return true; diff --git a/lib/Shout.php b/lib/Shout.php index d43bdc1e0..b2bdbb36c 100644 --- a/lib/Shout.php +++ b/lib/Shout.php 
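Review bot: `_getUsers()` concatenates `$context` into the LDAP search filter unescaped (`'(context='.$context.')'`). contexts.php in this commit passes the context as a `users.php?context=` query parameter, so the value is probably request-controlled and filter metacharacters in it would change the query. Escape it before building the filter, e.g. `$context = str_replace(array('\\', '*', '(', ')', "\0"), array('\\5c', '\\2a', '\\28', '\\29', '\\00'), $context);`. The result also returns `voiceMailboxPin` for every user in the context, which is worth dropping from the attribute list unless a caller needs it. At the end of the hunk the parameter of `getUserPhoneNumbers()` is renamed to `$extension` while the unchanged body line still reads `$username`; that function's body continues outside the hunk.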
@@ -1,3 +1,60 @@ pageName() : null; + $referrer = Util::getFormData('referrer', $curpage); + + /* Determine if we should depress the button. We have to do + * this on our own because all the buttons go to the same .php + * file, just with different args. */ + if (!strstr($_SERVER['PHP_SELF'], 'prefs.php') && + $curpage === _($pagename)) { + $cellclass = 'current'; + } else { + $cellclass = '__noselection'; + } + + /* Construct the URL. */ + $url = Horde::applicationUrl('display.php'); + $url = Util::addParameter($url, array('page' => $pagename, + 'referrer' => $referrer)); + + $menu->add($url, _($pagename), $pagename . '.png', null, null, +null, $cellclass); + } + } + + if ($returnType == 'object') { + return $menu; + } else { + return $menu->render(); + } + } + // }}} + +} +// }}} \ No newline at end of file diff --git a/shout.webprj b/shout.webprj index 4c2cc32d0..22b596d25 100644 --- a/shout.webprj +++ b/shout.webprj @@ -5,34 +5,35 @@ templates/ toolbars/ - + - - - - - + + + + + - - - + + + - + - + - - - + + + - + + @@ -51,10 +52,10 @@ -//w3c//dtd xhtml 1.0 strict//en - - + + - + Ben Klang ben@alkaloid.net Gubed @@ -65,8 +66,11 @@ + + +